Network Security Focus-Microsoft

RE: Set ACL on Application and Security logs

Subject: RE: Set ACL on Application and Security logs
Date: Mon, 16 May 2005 11:13:13 -0400
You can do it in win2k, it's fairly easy with a gpo or manually adding a value to this reg key-
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\"name of eventlog" and create a dword value of 1.
There is also a GPO for this.

For win2k3 look here-

http://support.microsoft.com/default.aspx?scid=kb;en-us;323076

You have to use SDDL, so it's a little more of a pita.

Hope this helps

Z E wrote:
Is there a way to prevent users from accessing the information in the
system and application logs? Similar to the way that the security log
is restricted?

File system ACLs on the log files do not work. Plus, restricting the
Event viewer and computer management MMCs through group policy does
not ensure that users do not use command line tools to access these
logs.

Thanks for the help.
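
The win2k3 approach mentioned in the reply expresses each log's access list as an SDDL string. The following is an added example, not part of the original thread: it parses the DACL of such a string and lists which trustees still get read access, so a descriptor can be checked before it is deployed. The two sample descriptors and the allow list are constructed for illustration; the mask bits 0x1, 0x2 and 0x4 are the event log read, write and clear rights, and the check is per trustee only (it does not resolve group membership).

```python
import re

# Event log access-mask bits (ELF_LOGFILE_READ / WRITE / CLEAR).
READ, WRITE, CLEAR = 0x1, 0x2, 0x4

# Constructed sample descriptors (not taken from the thread).
LOOSE = "O:BAG:SYD:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)(A;;0xf0007;;;SY)(A;;0x7;;;BA)(A;;0x3;;;IU)"
TIGHT = "O:BAG:SYD:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)(A;;0xf0007;;;SY)(A;;0x7;;;BA)"


def parse_dacl(sddl):
    """Return (ace_type, mask, trustee) for every allow/deny ACE in the DACL."""
    m = re.search(r"D:[A-Z]*((?:\([^()]*\))+)", sddl)
    if not m:
        raise ValueError("no DACL found in SDDL string")
    aces = []
    for body in re.findall(r"\(([^()]*)\)", m.group(1)):
        fields = body.split(";")
        if len(fields) < 6:
            raise ValueError(f"malformed ACE: ({body})")
        ace_type, rights, trustee = fields[0], fields[2], fields[5]
        if ace_type not in ("A", "D"):
            continue  # only plain allow/deny ACEs matter for this check
        # Numeric masks only (hex or decimal); letter codes raise ValueError.
        aces.append((ace_type, int(rights, 0), trustee))
    return aces


def read_access(sddl):
    """Map each trustee to True/False for the read bit. The first ACE that
    carries the bit for a trustee decides, mirroring in-order DACL evaluation."""
    verdict = {}
    for ace_type, mask, trustee in parse_dacl(sddl):
        if mask & READ and trustee not in verdict:
            verdict[trustee] = ace_type == "A"
    return verdict


def unexpected_readers(sddl, allowed=("SY", "BA")):
    """Trustees granted read access that are not on the allow list."""
    return sorted(t for t, ok in read_access(sddl).items() if ok and t not in allowed)


if __name__ == "__main__":
    for name, sd in (("LOOSE", LOOSE), ("TIGHT", TIGHT)):
        print(name, unexpected_readers(sd))
```

In the constructed LOOSE descriptor the `IU` (interactive users) ACE is what lets ordinary logged-on users read the log; TIGHT drops it.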
